(57) Abstract:

PROBLEM TO BE SOLVED: To block attacks from the Internet without introducing security-related network equipment such as a firewall or an IDS (intrusion detection system), and without burdening the user with acquiring the knowledge needed to operate such equipment.

SOLUTION: This network base invasion examining method has an examination object data distinguishing step for distinguishing, on the network manager side, the data to be examined on the basis of the designation by a user; an attack data investigating step for investigating whether data designated as an examination object is attack data or not; and a step for selecting, from the investigated result, only data which is not attack data and data which is not designated as an examination object, and providing such data from the network manager to the user.
1. This document has been translated by computer, so the translation may not reflect the original precisely.

2. **** shows a word which cannot be translated.

3. In the drawings, no words are translated.



CLAIMS 



[Claim(s)] 

[Claim 1] A network base invasion inspection method comprising:

A subject-of-examination data distinction step which distinguishes, on the network operator side, data to be examined based on a user's specification.

An attack data survey step which investigates whether data specified as a subject of examination is attack data.

A select data offer step which selects, from the investigated result, only data which does not deliver an attack and data which was not specified as a subject of examination, and by which the network operator provides that data to the user.

[Claim 2] The network base invasion inspection method according to claim 1, having a routing step which, in order to transmit data which a user specified as a subject of examination to an inspection system, specifies, to a router which constitutes the network which the network operator is managing, the point to which a subject of examination and data to be examined are transmitted.

[Claim 3] The network base invasion inspection method according to claim 1, having an attack inspection central control step which centrally manages the inspection of attacks on two or more users connected to the network which the network operator is managing.
[Claim 4] Network base invasion test equipment comprising:

A subject-of-examination data distinction means to distinguish, on the network operator side, data to be examined based on a user's specification.

An attack data survey means to investigate whether data specified as a subject of examination is attack data.

A select data providing means which selects, from the investigated result, only data which does not deliver an attack and data which was not specified as a subject of examination, and by which the network operator provides that data to the user.

[Claim 5] In order to transmit data which a user specified as a subject of examination to an inspection system in the network base invasion test equipment according to claim 4, network base invasion test [...] which a network operator is managing in the network base invasion test equipment according to claim 4.
[Claim 7] A program for operating a computer as a system which executes by proxy network base invasion inspection management, which is a service provided to a user by a network operator, the program operating the computer as: a subject-of-examination data distinction part which distinguishes data to be examined based on a user's specification; an attack data survey part which investigates whether data specified as a subject of examination is attack data; and a select data providing part which selects, from the investigated result, only data which does not deliver an attack and data which was not specified as a subject of examination, and by which the network operator provides that data to the user.

[Claim 8] A program for operating a computer as a system which executes by proxy network base invasion inspection management (processing), which is a service provided to a user by a network operator, the program operating the computer as: a subject-of-examination data distinction part which distinguishes data to be examined based on a user's specification; an attack data survey part which investigates whether data specified as a subject of examination is attack data; a select data providing part which selects, from the investigated result, only data which does not deliver an attack and data which was not specified as a subject of examination, and by which the network operator provides that data to the user; and a routing part which, in order to transmit data which the user specified as a subject of examination to an inspection system, specifies, to a router which constitutes the network which the network operator is managing, the point to which a subject of examination and data to be examined are transmitted.

[Claim 9] A program for operating a computer as a system which executes by proxy network base invasion inspection management (processing), which is a service provided to a user by a network operator, the program operating the computer as: a subject-of-examination data distinction part which distinguishes data to be examined based on a user's specification; an attack data survey part which investigates whether data specified as a subject of examination is attack data; a select data providing part which selects, from the investigated result, only data which does not deliver an attack and data which was not specified as a subject of examination, and by which the network operator provides that data to the user; and an attack inspection central control department which centrally manages (processes) the inspection of attack data for two or more users connected to the network which the network operator is managing.

[Claim 10] A recording medium on which the program according to any one of claims 7 through 9 is recorded.



DETAILED DESCRIPTION 



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] This invention relates to a method and device which defend apparatus connected to a network from attacks from the network. Especially, the network equipment connected to the [...]

[Description of the Prior Art] Attacks on systems connected to the Internet are generally classified into theft, service disturbance, and invasion. Theft of data is performed by intercepting the data while it travels via the Internet, without directly accessing the computer of the data's owner. A service disturbance attack is performed by cutting off the computer which provides a service from the users of that service. Invasion is performed by an attacker impersonating a regular user of the target computer and breaking in.

[0003] Although theft of data can be prevented by strongly encrypting the data itself, various defense methods against service disturbance and invasion have been examined, and the most generally used are the firewall and IDS.

[0004] A firewall is a computer system or router placed on the connection between the network to be protected and the Internet. Its filtering function controls whether or not a packet may pass between the Internet and the protected network. Packet passage rules are set on the firewall using items such as the packet's destination or source, the pair of destination and source addresses, the specific application such as the protocol, the user or user group, and the time.

[0005] IDS is apparatus which can prevent an attack by holding a database of traffic patterns defined for each class of attack and analyzing traffic in real time. An IDS is generally introduced into apparatus such as a firewall at the point of connection between the Internet and the network to be protected, in order to monitor traffic sent from the Internet to the protected network. When the IDS detects traffic considered to be an attack, it records the information and prevents the attack by dynamically changing the packet filtering settings of the firewall into which the IDS is introduced, or of a firewall independent of the IDS which was configured beforehand so that the IDS can change its settings.
[0006] 

[Problem(s) to be Solved by the Invention] The firewall and IDS described above can prevent attacks from outside delivered through the point of connection to the Internet. As always-on means of connecting to the Internet, such as ADSL, increase, small businesses and individual users, called SOHO (Small Office Home Office), are increasingly connecting computers to the Internet permanently. Even a computer managed by such an individual, in that it is always connected to the Internet, may be attacked just like the network of a major company, which until now has been protected by a firewall and IDS.

[0007] However, defenses such as a firewall or IDS are hard to introduce into computers and networks managed by individuals, because the cost of purchasing the apparatus is high and advanced knowledge is required for initial setup and operation. Although most companies stationed an engineer to operate the firewall or IDS, it was in practice difficult for an individual user to take the same measure.

[0008] The purpose of this invention is to provide art which can defend against attacks from the Internet without introducing security-related network equipment such as a firewall and IDS, and without forcing the [...]

JP 2002-335246

[Means for Solving the Problem] An outline of the typical inventions disclosed in this application is briefly as follows.

[0011] The 1st invention is a network base invasion inspection method which has: a subject-of-examination data distinction step which distinguishes, on the network operator side, data to be examined based on a user's specification; an attack data survey step which investigates whether data specified as a subject of examination is attack data; and a select data offer step which selects, from the investigated result, only data which does not deliver an attack and data which was not specified as a subject of examination, and by which the network operator provides that data to the user.

[0012] The 2nd invention, in the network base invasion inspection method of the 1st invention, has a routing step which, in order to transmit data which a user specified as a subject of examination to an inspection system, specifies, to a router which constitutes the network which the network operator is managing, the point to which a subject of examination and data to be examined are transmitted.

[0013] The 3rd invention, in the network base invasion inspection method of the 1st invention, has an attack inspection central control step which centrally manages the inspection of attacks on two or more users connected to the network which the network operator is managing.

[0014] The 4th invention is network base invasion test equipment which possesses: a subject-of-examination data distinction means which distinguishes, on the network operator side, data to be examined based on a user's specification; an attack data survey means to investigate whether data specified as a subject of examination is attack data; and a select data providing means which selects, from the investigated result, only data which does not deliver an attack and data which was not specified as a subject of examination, and by which the network operator provides that data to the user.

[0015] The 5th invention is the network base invasion test equipment of the 4th invention, possessing a routing step which, in order to transmit data which a user specified as a subject of examination to an inspection system, specifies, to a router which constitutes the network which the network operator is managing, the point to which a subject of examination and data to be examined are transmitted.

[0016] The 6th invention, in the network base invasion test equipment of the 4th invention, possesses an attack inspection central control means which centrally processes the inspection of attacks on two or more users connected to the network which the network operator is managing.

[0017] The 7th invention is a program for operating a computer as a system which executes by proxy network base invasion inspection management, which is a service provided to a user by a network operator. The program operates the computer as: a subject-of-examination data distinction part which distinguishes data to be examined based on a user's specification; an attack data survey part which investigates whether data specified as a subject of examination is attack data; and a data selection providing part by which the network operator provides the user only with data which does not deliver an attack, selected from the investigated result, and data which was not specified as a subject of examination.

[...] specified as a subject of examination is attack data; a data selection providing part which selects, from the investigated result, only data which does not deliver an attack and data which was not specified as a subject of examination, and by which the network operator provides that data to the user; and a routing part which, in order to transmit data which the user specified as a subject of examination to an inspection system, specifies, to a router which constitutes the network which the network operator is managing, the point to which a subject of examination and data to be examined are transmitted.

[0019] The 9th invention is a program for operating a computer as a system which executes by proxy network base invasion inspection management (processing), which is a service provided to a user by a network operator. The program operates the computer as: a subject-of-examination data distinction part which distinguishes data to be examined based on a user's specification; an attack data survey part which investigates whether data specified as a subject of examination is attack data; a select data providing part which selects, from the investigated result, only data which does not deliver an attack and data which was not specified as a subject of examination, and by which the network operator provides that data to the user; and an attack inspection central control department which centrally manages (processes) the inspection of attack data for two or more users connected to the network which the network operator is managing.

[0020] The 10th invention is a recording medium on which any one of the programs of the 7th through 9th inventions is recorded.

[0021] That is, this invention is premised on security-related network equipment, such as a firewall and IDS, being installed in the Internet Service Provider's (ISP's) network instead of the user's network. In other words, because the ISP implements security measures in place of the user, the user is freed from purchasing and maintaining security-related network equipment.

[0022] The ISP centrally manages the means of protecting the networks of connected users. That is, routing information reflecting the conditions for examination, registered beforehand by a user connected to the ISP, is specified to the routers (edge routers) which connect the ISP's network with other networks.

[0023] This routing information causes data sent from a source which the user specified as a subject of examination to be transmitted to the inspection system, and data sent from a source which the user did not specify as a subject of examination to be transmitted to the user. Invasion can thus be inspected for the subjects of examination the user wishes. For this reason, the routing of all the edge routers which constitute the ISP's network is managed centrally. The ISP can discard attacks from external networks such as the Internet before they reach the user's network, and can likewise discard attacks on the network of a user connected to the ISP from other users connected to the ISP.

[0024] As the way for a user to specify the subjects of attack examination, the user distinguishes trusted networks from other networks. The user can then receive data transmitted from a trusted network directly, and receives data sent from other networks after it has been inspected and its safety confirmed. Because data sent from trusted networks is not checked, the invasion detection processing performed before the user receives data decreases, and the time required is shortened.
[0027]

[Invention embodiment] Drawing 1 is a schematic diagram showing the topology of a network according to this invention. As shown in drawing 1, the users' networks 101, 102, and 103 are connected to the network 107 of the ISP via the routers 104, 105, and 106, respectively, and are also connected with the inspection server 108, to which the network base invasion inspection method and device of this invention are applied. The network 107 of the ISP is connected with the Internet 100 via the router 109. Furthermore, the terminal 110 and the terminal 111 are terminals located somewhere on the Internet 100.

[0028] Drawing 2 shows an outline of the traffic flow realized by this invention in a network like that of drawing 1. It shows the terminal 201 receiving data from the Internet 100, with the terminal 202 transmitting data from the trusted network 212 and the terminal 203 transmitting data from the untrusted network 213.

[0029] When the router 204 receives data from the trusted terminal 202, which belongs to the trusted network 212, it transmits the data as it is to the receiving terminal 201. On the other hand, when the router 204 receives data from the network 213, whose identity is unknown, i.e., a network which is not trusted, it transmits the data to the inspection server 205. Data transmitted to the inspection server 205 is inspected; when the inspection finds the data safe, it is transmitted to the terminal 201, and when the inspection finds the data not safe, it is discarded.

[0030] Drawing 3 shows another data flow in the network of drawing 1. Drawing 3 shows the case where the receiving terminal 301 receives data from terminals connected to the same ISP network 107: the terminal 302 transmits data from the trusted network 312, and the terminal 303 transmits data from the untrusted network 313. When the router 304 receives data from the terminal 302, it transmits the received data to the terminal 301.

[0031] On the other hand, when the router 305 receives data from the terminal 303, it transmits the received data to the inspection server 306. Data transmitted to the inspection server 306 is inspected; when the inspection finds the data safe, it is transmitted to the terminal 301, and when the inspection finds the data not safe, it is discarded.
[0032] Drawing 4 is a figure showing the functional configuration of an inspection server implementing this invention. The communications channel 401 represents a LAN (Local Area Network) or other transit network. Data, whether divided into packets or not, is received by the network driver 402 via the communications channel 401.

[0033] The network driver 402 comprises hardware, software, or both. It receives data from the communications channel 401 and converts it into a form which a computer can decode. The network driver 402 passes received data in real time to the data analysis part 403, which analyzes the data.

[0034] The data analysis part 403 comprises the user policy execution part 404 and the invasion defense part 405. The user policy execution part 404 determines whether to discard data received from the network [...] level here. Data which was not discarded by the user policy execution part 404 is passed to the invasion defense part 405. The invasion defense part 405 judges whether the data is safe with reference to the invasion pattern database 407, in which attack data is defined. The subscriber management department 408 manages the user database 406. When a user's data registered in the user database 406 is changed, the routing management department 409 notifies the edge routers (equivalent to the routers 104, 105, 106, and 109 in the case of the ISP network 107 of drawing 1) of the change in routing information.

[0036] Drawing 5 is a figure for explaining how the point to which an edge router forwards received data is determined. Each edge router holds the access table 502. Two kinds of information are recorded in this table: for every service subscriber of the ISP network 107, the addresses of the networks that subscriber trusts are written. The "member" column indicates a subscriber who wishes inspection, and the "trusting agency" column indicates senders whose data is received without inspection.

[0037] Drawing 6 is a flow chart for explaining an example of the processing of a router (edge router) installed at the boundary between the ISP's network and other networks, and managed by an inspection server to which this invention is applied.

[0038] Below, data sent into the ISP's network from the Internet, or from the network of a user using the ISP, is called inflow data to the ISP.

[0039] When an edge router receives inflow data to the ISP (s101), it refers to the access table and judges whether the data is addressed to a subscriber to the inspection service (s102). When the data is not addressed to a subscriber to the inspection service, the router transmits it toward the addressee (s104). Conversely, when the data is addressed to a subscriber to the inspection service, the edge router investigates whether the sender of the data is a trusted sender belonging to a trusted network (s103).

[0040] When the sender of the data is a trusted sender, the router transmits the data to the addressee; when the sender of the data cannot be trusted, the data is transmitted to the system which inspects data (s105).

[0041] Drawing 7 is a flow chart for explaining an example of the processing of a system which inspects data by applying this invention. When the data inspection system receives data from an edge router (s201), it retrieves from the user database the security level which the user registered beforehand (s202), and checks whether the received data conforms to the retrieved security level (s203). When the check finds that the data does not conform to the security level the user registered beforehand, the data is discarded (s204). When it conforms, the inspection system searches the invasion patterns which the IDS holds (s205) and analyzes the danger of the received data. When the analysis judges the data to be data for invading (s206), the data is discarded (s204); otherwise, it is transmitted to the addressee (s207).
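The edge-router decision of Drawing 6 and the inspection flow of Drawing 7, as an added Python example that is not part of the patent. The addresses, the representation of the registered security level as a set of accepted destination ports, and the byte-substring signatures are constructed assumptions; the patent does not specify these formats.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data (documentation address ranges, not from the patent).
# Access table 502: subscriber ("member") network -> trusted source networks.
ACCESS_TABLE = {
    ipaddress.ip_network("192.0.2.0/28"): [
        ipaddress.ip_network("198.51.100.0/24"),
    ],
}

# User database 406. Assumption: the registered "security level" is modelled
# as the set of destination ports the subscriber accepts.
USER_POLICY = {
    ipaddress.ip_network("192.0.2.0/28"): {25, 80, 443},
}

# Invasion pattern database 407. Assumption: plain byte-substring signatures.
INTRUSION_PATTERNS = [b"/etc/passwd", b"<script>"]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dst_port: int
    payload: bytes


def member_for(dst):
    """Return the subscriber network that contains dst, or None (s102)."""
    addr = ipaddress.ip_address(dst)
    for member in ACCESS_TABLE:
        if addr in member:
            return member
    return None


def edge_route(pkt):
    """Edge router decision (Drawing 6): 'forward' or 'inspect'."""
    member = member_for(pkt.dst)
    if member is None:
        return "forward"  # s104: addressee is not an inspection subscriber
    src = ipaddress.ip_address(pkt.src)
    if any(src in net for net in ACCESS_TABLE[member]):  # s103
        return "forward"  # trusted sender: delivered without inspection
    return "inspect"      # s105: hand over to the inspection system


def inspect(pkt):
    """Inspection system decision (Drawing 7): 'deliver' or 'drop'."""
    policy = USER_POLICY.get(member_for(pkt.dst))  # s202
    # Fail closed: no registered policy, or a port outside it, is dropped.
    if policy is None or pkt.dst_port not in policy:  # s203
        return "drop"  # s204
    if any(sig in pkt.payload for sig in INTRUSION_PATTERNS):  # s205, s206
        return "drop"  # s204
    return "deliver"   # s207


def handle(pkt):
    """Full path of one packet of inflow data through the ISP."""
    if edge_route(pkt) == "forward":
        return "deliver"
    return inspect(pkt)


if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("203.0.113.9", "192.0.2.5", 80, b"GET /index.html"),
        Packet("203.0.113.9", "192.0.2.5", 80, b"GET /../../etc/passwd"),
        Packet("203.0.113.9", "192.0.2.5", 23, b"login"),
        Packet("198.51.100.7", "192.0.2.5", 23, b"cat /etc/passwd"),
        Packet("203.0.113.9", "203.0.113.50", 23, b"login"),
    ]
    for p in samples:
        print(p.src, "->", p.dst, p.dst_port, edge_route(p), handle(p))
```

The fourth sample shows the cost of the trust bypass: data from a trusted source is delivered without any pattern check, and because the decision keys on the source address alone it is only as strong as the operator's source-address validation at its edge.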

[0042] Drawing 8 is the data which recorded the operation of an inspection system to which this invention is applied [...] since it turns out that inspection service subscribers of the ISP are being attacked in order, it becomes possible to give an alarm to a user connected to the ISP who has not yet received an attack, or to give that user more effective management.

[0043] Although the invention made by the present inventor has been concretely explained above based on the embodiment, this invention is not limited to the embodiment, and it goes without saying that it can be changed variously within a range which does not deviate from its gist.
[0044]

[Effect of the Invention] The effects obtained by the typical inventions disclosed in this application are briefly as follows. According to this invention, a user of a network can use the security solution provided by the ISP through which the user accesses the Internet, without installing security-related network equipment personally.

[0045] That is, attacks via a network can be prevented without the user purchasing hardware and software for defense against attacks, and without mastering the knowledge needed to operate that hardware and software.

[0046] From the ISP's position, this invention can be provided as added value of the ISP's service.

[0047] In defending against an attack such as DDoS (Distributed Denial of Service), which consumes network bandwidth, this invention makes it possible for the ISP not to pass undesirable traffic sent from upstream in the network topology, so that the bandwidth for the user to connect to external networks such as the Internet can be secured.

[0048] Since a network operator such as an ISP provides the attack inspection service through a system managed centrally in one place, the range over which records of delivered attacks can be collected extends across the whole ISP, compared with each user conducting the same attack inspection individually. For this reason, new information which could not be found from individual records alone may be obtained.